General

  • Target

    13184312ad313e5c680a013e7143f2aa2e287d4a1b995bb3f855c54aa19c774e

  • Size

    405KB

  • Sample

    240426-jyjcjacd26

  • MD5

    8e6fa6749a52c699691e95d200567d3b

  • SHA1

    4725d65c86057b167fe6093611c535bac08e17d4

  • SHA256

    13184312ad313e5c680a013e7143f2aa2e287d4a1b995bb3f855c54aa19c774e

  • SHA512

    077a89921dddaf7e09eb355cc7711980916a861491bbcc8cd32719f5c23d843fb694676953ecdae6505caca7085fa10caa61461014657d6d9573f1d3a3af4a21

  • SSDEEP

    12288:hOatvTLg/5HI+WnM93ss5WAlYjGJqMh8nbwrw:hjM5HsnMNmtSchnbwrw

Malware Config

Targets

    • Detect ZGRat V1

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Stealc

      Stealc is an infostealer written in C++.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks